Comment 9 for bug 1806961

I'm reporting this bug, not for personal reasons, but for concern for users that just like the look of lightdm, and install lightdm without thinking more about it. They get no warnings, and they open themselves up to a massive vulnerability, while the proper configuration should have been done automatically either by dkpg-reconfigure or by apt itself.

This is not an issue i ran into myself, but an issue I found on the computers at the cs department of my university. The computers there are used by multiple people with a sso system. This exploit allowed me full access to the user accounts of a significant amount of users, all because a sysadmin was unaware of this problem.

I agree that adding light-locker as a dependency might not be the best solution, but there should at least be warnings.